Skip to main content

Security

Enterprise security for everyone

SELinux in enforcing mode, container isolation, real-time malware detection, and a web application firewall. The same security posture that government systems demand - included in every plan.

Start free trialSee bot detection

14 days free. No credit card. No commitment.

SELinux

Enforcing mode

Isolation

Per-account containers

Malware

Real-time detection

Pricing

Simple, transparent pricing

Every plan includes managed WordPress, SSH access, daily backups, and enterprise-grade security. Start with a 14-day free trial.

Startup

Great for growing businesses

$7.99/mo

$94.99 billed annually

Get started
  • 1 website
  • 10 GB storage
  • ~10,000 visits/month
  • 5 MySQL databases
  • 250,000 inodes
  • 5 FTP users

What's included:

SSL & Domain

  • Free SSL certificate
  • Temporary subdomain

WordPress

  • 1-click WordPress
  • Managed WordPress
  • Free WordPress migration
Most popular

Advanced

For professional websites

$14.99/mo

$179.99 billed annually

Choose plan
  • 5 websites
  • 20 GB storage
  • ~110,000 visits/month
  • 10 MySQL databases
  • 500,000 inodes
  • 10 FTP users

Everything in Startup, plus:

Performance

  • Memcached

Pro

Maximum performance and features

$22.99/mo

$274.99 billed annually

Go pro
  • 10 websites
  • 40 GB storage
  • ~200,000 visits/month
  • 20 MySQL databases
  • 750,000 inodes
  • 20 FTP users
Compare plans

Security layers

Defense in depth

Multiple independent security layers. If one is bypassed, others still protect you.

SELinux in enforcing mode

Mandatory access control developed by the NSA. Prevents privilege escalation even if an attacker gains root. Competitors using cPanel can't enable this.

Container isolation

Every account runs in its own Podman container with dedicated CPU, RAM, and I/O limits. Your neighbor's problems stay their problems.

Real-time malware detection

File system monitoring catches threats the moment they're uploaded. Not daily scans - real-time.

ModSecurity WAF

Web application firewall with OWASP rules blocks SQL injection, XSS, and other common attacks before they reach your application.

Free SSL certificates

Automatic Let's Encrypt certificates for every domain and subdomain. Auto-renewed before expiry, zero configuration needed.

IP and geo-blocking

Block individual IPs, CIDR ranges, or entire countries. Rate limiting per subdomain prevents brute force and DDoS attacks.

Architecture

SELinux and container hardening

SELinux in enforcing mode

Every file access, network connection, and process execution is validated against mandatory access control policies. The same security standard used by government agencies and financial institutions.

Kernel-level enforcement

Security policies are enforced at the kernel level, not the application level. Even if an attacker gains root privileges, SELinux prevents unauthorized access to other resources.

Isolated Podman containers

Each account runs in its own container with dedicated CPU, RAM, and I/O limits. Multiple hardening layers ensure a compromised container can't affect anything outside it.

Container hardening

no-new-privileges

Containers cannot gain additional privileges beyond what they started with. Even if malware exploits a vulnerability, it can't escalate.

Capability restrictions

Dangerous capabilities like SYS_ADMIN are dropped. Containers only have the minimum capabilities needed to function.

noexec filesystems

Home and temp directories are mounted with noexec. Attackers can't execute uploaded malicious binaries.

Kernel hardening

Unprivileged user namespaces are disabled, preventing container escape vulnerabilities that exploit user namespace features.

Even if they get in, they can't get out. Multiple layers of container hardening ensure a compromised application can't escape.

Did you know

Your websites are also protected by behavioral bot detection

Infrastructure security is one half of the picture. Every Hostney server also runs a behavioral bot detection system with 20+ scoring signals, proof-of-work challenges, and cross-server bans.

20+ scoring signals

Every IP is scored across rate patterns, header analysis, path scanning, cookie behavior, and more.

Proof-of-work challenges

Suspicious traffic must solve a computational challenge before accessing your site. Bots fail, humans pass.

Cross-server bans

When an IP is banned on one server, the ban propagates across all Hostney servers within 30 seconds.

Learn about our bot detection

Security included

Every plan, every feature

We don't charge extra for security. SELinux, container isolation, malware detection, bot detection, and WAF are included in every Hostney plan.

Start your free trial

Questions

Frequently asked questions

Recent articles

HOW-TO GUIDESHTTP/3 and QUIC: what it meansfor your websiteHOSTNEYhostney.com
How-to guides
HTTP/3 and QUIC: what it means for your website
KNOWLEDGE BASEEllie Trust & SafetyHOSTNEYhostney.com
Knowledge base
Ellie Trust & Safety
LATEST NEWSHow to Stop Bot Traffic at theOrigin: Inside Hostney’sServer-Level Bot ProtectionHOSTNEYhostney.com
Latest news
How to Stop Bot Traffic at the Origin: Inside Hostney’s Server-Level Bot Protection
LEARNING CENTERHow SSL Certificates Work toSecure Your DataHOSTNEYhostney.com
Learning center
How SSL Certificates Work to Secure Your Data
LEARNING CENTERHTTP/1.1 vs HTTP/2 vs HTTP/3:what actually changedHOSTNEYhostney.com
Learning center
HTTP/1.1 vs HTTP/2 vs HTTP/3: what actually changed
LEARNING CENTERGit Version Control: APractical GuideHOSTNEYhostney.com
Learning center
Git Version Control: A Practical Guide
LEARNING CENTERFind and Grep: Searching Filesand Text on Linux ServersHOSTNEYhostney.com
Learning center
Find and Grep: Searching Files and Text on Linux Servers
HOW-TO GUIDESRestrict WordPress AdminAccess by IP AddressHOSTNEYhostney.com
How-to guides
Restrict WordPress Admin Access by IP Address